Red Hat Bugzilla – Bug 584397
Review Request: hivex - Read and write Windows Registry binary hive files
Last modified: 2016-04-26 11:08:21 EDT
Spec URL: http://94.30.104.162/rhel-5-rhev/hivex.spec SRPM URL: http://94.30.104.162/rhel-5-rhev/hivex-1.2.1-1.el5rhev.1.src.rpm Description: Hive files are the undocumented binary blobs that Windows uses to store the Windows Registry on disk. Hivex is a library that can read and write to these files. 'hivexsh' is a shell you can use to interactively navigate a hive binary file. 'hivexregedit' lets you export and merge to the textual regedit format. 'hivexml' can be used to convert a hive file to a more useful XML format. In order to get access to the hive files themselves, you can copy them from a Windows machine. They are usually found in %systemroot%\system32\config. For virtual machines we recommend using libguestfs or guestfish to copy out these files. libguestfs also provides a useful high-level tool called 'virt-win-reg' (based on hivex technology) which can be used to query specific registry keys in an existing Windows VM. For Perl bindings, see 'perl-hivex'.